Developing a RESTful Web Application for GAL System

Developing a RESTful Web

Application for GAL System

Elene Gulordava

Dissertation submitted to the School of Technology and Management of Bragan¸ca to obtain the Master’s Degree in Information Systems.

Work supervised by:

Albano Alves and Mikheil Rukhaia

This work does not include the comments and suggestions made by the Jury.

Developing a RESTful Web

Application for GAL System

Elene Gulordava

Dissertation submitted to the School of Technology and Management of Bragan¸ca to obtain the Master’s Degree in Information Systems.

Work supervised by:

Albano Alves and Mikheil Rukhaia

This work does not include the comments and suggestions made by the Jury.

Bragan¸ca 2016

Dedication

I dedicate to my Parents.

Abstract

In today’s reality of Information Technology, we are able to automate many manual work. This fact behaves as a motivator to make job easier for the stuff and appropriate for nowadays standards, rapidly growing around us.

Implemented work serves to exploit manual setup part used in Schedule Generator System of Polytechnic Institute of Braganca (GAL). Around this system work many applications and our new teaching duties project will be one of them. In more detail the problem concerns to assign curricular units to the teachers and departments. In order to solve this issue we will demonstrate Spring Boot Framework as a flexible technology for building RESTful Web Application. It will be guideline of technologies for future related works. Teaching duties project suggests starting point for complete integration with one of the private system in Polytechnic Institute of Bragan¸ca (IPB). Eventually commonly used technologies will give us way for proper arrangement of the problem with security issues using Java security framework, which is an Apache Shiro in our case. All the other instruments for the implementation of RESTful Web Application will be matched to Spring Boot Framework and exactly this capability will help us to solve problem without enforcing huge strength.

Resumo

Na realidade atual das Tecnologias de Informa¸c˜ao, somos capazes de automatizar muitas tarefas que no passado eram feitas manualmente. Este facto funciona como motiva¸c˜ao para tornar o trabalho mais f´acil para as pessoas e adequado `as normas de hoje em dia, que rapidamente se imp˜oe `a nossa volta. Esta influˆencia positiva da tecnologia f´acil trouxe-nos uma ideia para resolver um problema existente, com recurso a uma solu¸c˜ao aplicacional. A quest˜ao principal ´e entender o problema na sua essˆencia e determinar como podemos contribuir para a sua solu¸c˜ao. Este trabalho serviu para contornar o problema da configura¸c˜ao manual necess´aria para utilizar o sistema gerador de hor´arios do Instituto Polit´ecnico de Bragan¸ca (IPB), denominado Gest˜ao de Atividades Letivas (GAL). Em torno deste sistema, s˜ao j´a usadas muitas plataformas e este projeto ser´a um novo servi¸co que ficar´a dispon´ıvel para informatizar o Servi¸co Docente. O problema principal consiste na atribui¸c˜ao de unidades curriculares a departamentos e posteriormente a docentes, de forma simples e sem recurso ao papel. Para resolver esta quest˜ao, usou-se a Spring Boot Framework, como uma tecnologia flex´ıvel para a constru¸c˜ao de uma aplica¸c˜ao web RESTful. A metodologia usada servir´a tamb´em como orienta¸c˜ao para futuros trabalhos relacionados com o SI do IPB. O projeto de informatiza¸c˜ao do Servi¸co Docente tem como requisito fundamental a integra¸c˜ao com o sistema de informa¸c˜ao do IPB. As tecnologias usadas nas v´arias plataformas inform´aticas do IPB permitiram solucionar quest˜oes de seguran¸ca, com a utiliza¸c˜ao da framework Java, recorrendo ao Apache Shiro. Todas as restantes ferramentas utilizadas na implementa¸c˜ao da aplica¸c˜ao web RESTful foram integradas na plataforma Spring Boot Framework, o que permitiu resolver os problemas de codifica¸c˜ao sem um grande esfor¸co.

Acknowledgements

I’m very thankful to Professor Albano Alves and Mikheil Rukhaia, my supervisors from Portugal and Georgia for all the supports during this project. Without their inspiration, motivation and huge effort this work wouldn’t be complete.

A special thanks to developers in IPB Luis Lobo and Filipe Sousa for their technical support, giving me hand in every critical situation and guaranteeing the best working environment.

To my family, being always with me and giving a lot of human positives especially through-out my master academic year.

I’m grateful to my Mum and Dad, two important persons of my life. They were always supporters of my ideas and enthusiasts for me to successfully overcome all the obstacles. Warm thanks to all my friends becoming me stronger and more concentrated to my suc-cessfully done work.

Thanks to Polytechnic Institute of Braganca for giving me chance to have working expe-rience with all these amazing people.

Yes we did it... To all my thanks.

Contents

1 Introduction 1

1.1 Context . . . 2

1.2 Objectives . . . 2

2 Solution 4 2.1 Concepts and Technologies . . . 4

2.2 Restful Web Application description . . . 6

2.2.1 HTTP Methods . . . 11

2.2.2 Resource Naming . . . 12

2.2.3 Representation . . . 12

2.2.4 Unique of Rest . . . 13

2.3 Apache Shiro Characteristic . . . 14

2.3.1 Permission . . . 17

2.3.2 Roles . . . 17

2.4 Oracle Distribution . . . 18

2.5 AngularJS and Bootstrap interpretation . . . 19

2.6 Spring Boot Framework . . . 23

2.6.1 NPM . . . 26

2.6.2 RequireJS . . . 26

2.6.3 Bower . . . 27

2.6.4 Grunt . . . 28

2.6.5 Maven . . . 28

2.6.6 Mybatis . . . 29

3 Implementation 30 3.1 Creating Tables and Relationship Between them . . . 30

3.2 User Interface Configuration with AngularJS and Bootstrap . . . 31

3.2.1 Graphical User Interface of Assignments Module . . . 31

3.3 Rest Implementation with Spring Boot Framework . . . 34

3.4 Authentication and Authorization with Apache Shiro Framework . . . 36

4 Discussion 38

Bibliography 39

A IntelliJ IDEA and WebStorm 41

B Pieces of code implemented in the project 43

List of Figures

1.1 Distribution of teachers, departments and curricular units. . . 3

2.1 Relationship between curricular units and teachers. . . 5

2.2 Relationship between curricular units and departments. . . 5

2.3 Curricular Units module view. . . 6

2.4 Assignments module view. . . 6

2.5 Client-Server constraint. . . 10

2.6 Apache Shiro components. . . 16

2.7 Logical and Physical Storage. . . 19

2.8 AngularJS components. . . 21

2.9 MVC abstraction. . . 22

2.10 Surface field for users to extract value from the rest of Spring. . . 24

3.1 Reading data. . . 32

3.2 Add functionality. . . 32

3.3 New record. . . 33

3.4 Adding same curricular unit from different school. . . 33

3.5 Warning before delete operation. . . 33

3.6 Delete operation. . . 34

Acronyms

API Application Programming Interface.

CRUD Create, Read, Update, Delete operations.

CSS Cascading Style Sheets.

DAO Database Access Object.

DOM Document Object Model.

GAL Schedule Generator System of Polytechnic Institute of Braganca.

HTML Hyper Text Markup Language.

HTTP Hypertext Transfer Protocol.

IDE Integrated Development Environment.

IPB Polytechnic Institute of Bragan¸ca.

IS Information System.

JSON JavaScript Object Notation.

JVM Java Virtual Machine.

LDAP Lightweight Directory Access Protocol.

MVC Model View Controller architecture.

POJO Plain Old Java Object.

RDBMS Relational Database Management System.

REST Representational State Transfer.

RPC Remote Procedure Call.

SDK Software development kit.

SOAP Simple Object Access Protocol.

SQL Structured Query Language.

URI Uniform Resource Identifier.

URL Uniform Resource Locator.

WAR Web Application Archive.

XML Extensible Markup Language.

Chapter 1

Introduction

Nowadays, in technological revolution century most of problem that appears in variety of organizations has been solved by information systems. In general Information System (IS) serves to collect technical and human resources in order to provide the storage, computing, distribution and communication for the information required by all or some part of orga-nization members. In educational orgaorga-nization such as IPB problem appeared during the assignment process of teaching duties. In architectural viewpoint Polytechnic Institute of Braganca is divided by five separate schools according their study areas. Each school has various departments corresponding their directions. For particular departments there is one responsible coordinator. Each department includes many teachers and curricular units. The work through the department goes these following steps. First of all each direction provides list of curricular units. On the department side there is made paper distribution of the services. It goes ahead for scientific consult to approve and finishes with manual setup from the direction of school for the GAL system. All the assignment of curricular units to the department or teacher are done manually, using paper. In re-lationship view we have ”many to many” connection between them. There are a lot of curricular units, teachers and departments which are needed to be arranged to each other. Respectively, human resources job is associated with hard and confusing work. The paper distribution of huge services and its manual setup requires right planning of processes and lot of time as well.

CHAPTER 1. INTRODUCTION ₂

1.1

Context

The working system in IPB stands on collection of different tools. There exists database called academic service, which contains information about students, courses, curricular units and their classification. Around this data storage work different web or desktop applications, some of them are virtual apps also. There is opportunity to be connected to each other all the separate applications around the academic service. Eventually the GAL system is a desktop application which generates schedule for the students and relates to the other application called Sumarios, which serves the complete form of schedule of the year. Before getting start with the application for authentication process, there exists Lightweight Directory Access Protocol (LDAP). IPB uses it to develop a central place for storing username and passwords, that allows many different applications with their services to connect to the LDAP server for validate users in order to check if users identity and credential are correct. Each new service provided for the university makes integration with LDAP server, inclusively for this time developed teaching duties web application, which is the new working solution on GAL and academic service combination field.

1.2

Objectives

CHAPTER 1. INTRODUCTION ₃

Chapter 2

Solution

2.1

Concepts and Technologies

In order to solve existing problem the main idea is to think about appropriate algorithm, technology, that will give a hand to do work easily and comfortably. The first issue stands on database side. Its design view helps to gain a global picture of the system to decide in which way it could be match with new solutions. After getting point of the problem, analyzing details, discussing and thinking as a client, comes in order information about the data model, tables and relationship between them. In assignment process of curricular units to the teachers we need to connect already existing two tables: curricular units and teachers. A curricular unit can be assigned to a variety of teachers. As a reverse case a teacher can be assigned to a different curricular units. We got that identification of relation is ”many to many”, which means that a new table will appear between curricular units and teachers. The same approach is used for the departments. Figure 2.1 shows relationship between curricular units and teachers. Figure 2.2 shows relationship between curricular units and department. On the application view side there are two profiles like a Role: Pivot and Coordinator. Each Role is assigned to the specific user interface such as Curricular Units and Assignments modules. The Curricular Units interface provides to assign curricular units to the teachers, second module serves assignment of curricular units

CHAPTER 2. SOLUTION ₅

Figure 2.1: Relationship between curricular units and teachers.

CHAPTER 2. SOLUTION ₆

Figure 2.3: Curricular Units module view.

Figure 2.4: Assignments module view.

to the departments. Opportunities for authorized users on Curricular Units module are to select school and department, see the view if there exist some assignments according for already chosen values or add new curricular units to the department by identifying school, program, study plan and curricular unit. There is also opportunity to delete unnecessary record. On Assignments module side is required to choose school, department, teacher and check if there are already assigned curricular units to the selected teacher or add new assignment or delete. Figure 2.3 shows assignment view of curricular units to the department. Figure 2.4 shows assignment view of curricular units to the teacher.

2.2

Restful Web Application description

CHAPTER 2. SOLUTION ₇

CHAPTER 2. SOLUTION ₈

Resource Identifiers. The resources come in action by using a set of easy, well-defined operations. The REST architectural style is a client-server approach which is designed to use a stateless communication protocol, commonly HTTP. In its architecture clients and servers exchange representations of resources by the standardized interface and protocol. REST Server simply develops access to resources and REST client accesses them. It uses different type of representations for the resources such as text, JavaScript Object Nota-tion (JSON) and XML. For the last years JSON is the most popular format to be used in Web services. All these principles make Restful Web Applications simple and lightweight. More precisely the REST architectural style contains six constraints:

• Uniform Interface: This constraint specifies a significant interface between clients and servers. It’s some kind of contract for communication through clients and server. They represent short rules to return components in the generic way. It makes eas-ier presentation of architecture in separation way of the whole system in order to evolve them independently. There are four guiding principles of the Uniform Inter-face: Resource-Based, Manipulation of Resources Through Representations, Self-descriptive Messages, Hypermedia as the Engine of Application State. Resource Based- Individual resources are defined in requests using Uniform Resource Iden-tifier (URI)s which are resource idenIden-tifiers. The resources are decoupled from the representations that are given to the client. The idea is that server doesn’t send as a response its database, just some JSON or XML that are one of the way for database record expressing. Manipulation of Resources Through

Representations-The client or receiver of resource representation has enough information to mod-ify or delete the resources on the server with proper permitted permission. Self-descriptive Messages- Any message includes good enough information to find out how to process them and each responses explicitly indicate their cache-ability.

CHAPTER 2. SOLUTION ₉

storage. Resource state, on the other hand is constant across every client who makes a request about this particular resource.

• Stateless: Idea of statelessness represents that the necessary state to capture the request is bind within the request itself, even if as part of the URI, query-string parameters, body or headers. When the server finishes it’s processing the proper state, or the pieces of state are getting into contact back to the client trough headers, status and response body. Statelessness enables greater scalability while the server doesn’t provide processes to maintain, update or communicate that session state. Basically state or application state is that point where server cares about to fulfill a request data necessary for the current session or request. Here client has the opportunity to send multiple requests to the server, which must be independent from each other and in every request can be included the necessary information. After that server starts properly defined processes with them.

• Cacheable: As on the World Wide Web, clients has opportunity to cache re-sponses which must implicitly or explicitly provide themselves as cacheable or not in order to prevent clients reusing stale or inexpediency data in response for further requests. Well-defined caching partially or completely spin-offs some client–server interactions, further improving scalability and performance. More specifically many clients get access to the same server and request the same resources. That is way are useful these responses to be cached, in order to avoid unnecessary processing and increase quality of performance.

CHAPTER 2. SOLUTION ₁₀

Figure 2.5: Client-Server constraint.

http://2016karma.jimdo.com/2016/02/28/counter-strike-source-gcf-download/

server responses trough the internet.

• Layered System: A client can’t usually tell whether it’s connected directly to the end server or trough the intermediate opportunity. Intermediary servers are improving system scalability by providing shared caches. Layers can also enforce security policies. It means that our application must contain layers which should be changeable when we need to add or delete other layers. The principle of this approach is that the customer couldn’t directly call the application server. Customer needs to take care of communication trough the intermediary which is responsible for distributing the requests on servers. In the case of some changes, it’s more flexible to change intermediary.

CHAPTER 2. SOLUTION ₁₁

2.2.1

HTTP Methods

CHAPTER 2. SOLUTION ₁₂

DELETE a resource is associated to remove it. Constantly calling DELETE on that resource gives the same result, it just disappears. After second time Calling it will often return a 404 (NOT FOUND) since it was already removed, which makes DELETE oper-ations no longer idempotent, but is a proper compromise if resources are removed from the database instead of being just simply marked as deleted.

2.2.2

Resource Naming

To initialize the HTTP functions and make resource naming properly is one of the most im-portant concept to mention when creating an understandable Web Application Program-ming Interface (API). The resources need to be named clearly. In essence the RESTful API represents simple collection of URIs. HTTP calls to those URIs, where as a response come JSON or XML representations of resources, that will contain relational links. Each resource on the web server has its own address and every resource in a service will have even one identifying URI. It’s simple to find out which are looking for, when URI makes sense and appropriately describes the resource. URIs should follow a predictable struc-ture to increase understandability and usability as well. In additionally RESTful APIs are written for consumers. The name and structure of URIs should be meaningful to those consumers. It’s often difficult to know what the data boundaries should be, but with understanding of data there is guaranty of representation from the clients. Design needs to be for the clients not for only data.

2.2.3

Representation

CHAPTER 2. SOLUTION ₁₃

services would support all of those methods. According recommendation the use of rep-resentation file extensions should be such as ’.json’, ’.xml’ and wrapped options, ’.wjson’ and ’.wxml’. When the talk goes about REST services, XML is largely misplaced. Sim-ply anyone uses XML with REST and also it’s a recommendation which standards and conventions are not competitive action.

2.2.4

Unique of Rest

CHAPTER 2. SOLUTION ₁₄

from the technologies that make easier production. All the opportunity that it gives such as performance, flexibility, easy of use, clean, secure, extensible, maintainable are aimed to make rapid implementation of our APIs in the organizations, in order to keep safe our employers and clients from the online swindling. [11] [15] [1] [17]

2.3

Apache Shiro Characteristic

CHAPTER 2. SOLUTION ₁₅

any JVM based application from the command line applications to the largest web and enterprise APIs. In architectural view Shiro has three main concepts: Subject, Security Manager and Realms. As a Subject is considered the currently existing user, the thing which at the present time interacts with the software. Once when we will get the Subject, we have access to almost everything we had want to do with Shiro for the current user. Manage the operations such as login, logout, access their sessions, execute authorization checks in order to see if the current user is allowed to perform the requested action or not. Security Manager of Apache Shiro manages security operations for all users. It’s heart of Shiro’s architecture, known as an Umbrella object, that references lot of internally nested security components which are forming an object graph. The default implementations of Security Manager are Plain Old Java Object (POJO)s and they are configurable with any POJO-appropriate configuration technique. In general Plain Old Java Object doesn’t bound any special restriction and not required any class path. Final core concept Realm behaves as bridge or connector between Shiro and application security data. It represents synonym of Database Access Object (DAO)s which encapsulate connection details for secure data sources and make them available to Shiro as needed. In abstract way to show how authentication process is done with Shiro, there are eventually three steps:

• Collect the user’s identifying information, called principals and supporting proof of identity, called credentials.

• Submit the principals and credentials to the system.

• If the submitted credentials match what the system expects for that user identity (principal), then will be considered successful authentication. If they don’t match, the user is not considered to authenticate.

CHAPTER 2. SOLUTION ₁₆

Figure 2.6: Apache Shiro components.

http://shiro.apache.org/architecture.html

• Subject - Security specific user ’view’ of an application user.

• Principals - A subjects identifying attributes.

• Credentials - secret data that are used to verify identities.

• Realms - Security specific DAO, software component that talks to a backend data source.

CHAPTER 2. SOLUTION ₁₇

2.3.1

Permission

In particularly Permissions are the security policies and statements of functionality. They define what can be done in the application. A well formed Permission describes resource types and what actions can be performed and are possible when will have an interaction with those resources. Most commonly used actions for data related resources are CRUD. It’s necessary to understand that Permissions don’t hold information about a current interacting user, who can perform the actions, they are only statements of what actions can be performed. In Apache Shiro there are Permission levels in order of granularity:

• Resource Level - This is very wide and easiest to build. A user can edit records. The resource is specified but not a specific instance of that resource.

• Instance Level- Initializes the instance of a resource.

• Attribute Level - The permission now identifies an attribute of an instance or resource.

2.3.2

Roles

CHAPTER 2. SOLUTION ₁₈

lower maintenance of the application. In Apache Shiro technology is able to dynamically add, remove, or change Roles at runtime and authorization checks will always have up to date values. There is no necessity to force users to logout and log back in order to get their new Permissions. [13] [12] [14]

2.4

Oracle Distribution

CHAPTER 2. SOLUTION ₁₉

Figure 2.7: Logical and Physical Storage.

https:

//docs.oracle.com/cd/E11882_01/server.112/e40540/logical.htm#CNCPT301

of Oracle database is that its architecture is divided into logical and physical parts, which means that for huge distributed computing the data location is inappropriate to the user, give opportunities for a modular physical structure without affecting the activity of the database. These separated parts gives chance to manage physical storage of data without affecting to logical structures. In general the logical part of database are data blocks, extents, segments and table spaces. At a physical level, the data are located in data files on disk which is allocated in operating system blocks. Figure 2.7 shows Logical and Physical Storage entities. [16]

2.5

AngularJS and Bootstrap interpretation

CHAPTER 2. SOLUTION ₂₀

but it loses its strength when we are declaring dynamic views in web applications. In order to solve this problem appears Single Page Web Application which is an AngularJS. It’s a structural framework for dynamic web apps. It allows to use HTML as a template language and lets extend HTML’s syntax to express our application’s components in such a way that is easy to understand. Its data binding and dependency injection opportuni-ties takes away some of the code that we have to write at the given time. It can be an ideal partner with any server technology. The characteristic features of AngularJs are the following:

• Robust JavaScript based development framework which provides rich Internet Ap-plication.

• Good enough possibility to write client side application using JavaScript in a clean MVC way.

• Applications implemented in AngularJS are cross browser compliant. It automati-cally handles JavaScript code appropriate for each browser.

• AngularJS is open source, entirely free framework which is used by thousands of developers around the world. It has official permission under the Apache License version 2.0.

Core concepts of AngularJS which are commonly used are the following: Data Binding

-The automatic synchronization of data in the middle of model and view components.

Scope -Objects that indicate to the model. They behave as a glue between controller and view. Controller -JavaScript functions which are captured in a particular scope.

Services -Single objects that are instantiated only once in application. Filters -Select a subset of units from an array and returns a new array. Directives -Markers on Docu-ment Object Model (DOM) eleDocu-ments such as eleDocu-ments or attributes. They can be used to define custom HTML tags that serve as new, custom widgets. Templates-The view with information from the controller and model which can be a single file or multiple views.

CHAPTER 2. SOLUTION ₂₁

Figure 2.8: AngularJS components.

http://www.tutorialspoint.com/angularjs/angularjs_overview.htm

CHAPTER 2. SOLUTION ₂₂

Figure 2.9: MVC abstraction.

http://www.tutorialspoint.com/angularjs/angularjs_mvc_architecture.htm

CHAPTER 2. SOLUTION ₂₃

commonly used and popular HTML, Cascading Style Sheets (CSS) and JavaScript frame-work for easy and fast creating responsive, mobile-first Web Applications. Bootstrap was developed by Mark Otto and Jacob Thornton and it was released as an open source in August 2011 on GitHub. Bootstrap produces mobile first styles throughout the whole library. It has support from all the commonly used web browser. Only basic knowledge of CSS and HTML makes easy to get started with Bootstrap. It provides an unique solution for building user interface. It’s rich with nice and useful built in components that are flexible for customizing. Its basic structure is based on Grid System. In graphical design a Grid System is mostly related with two dimensional structure, crisscrossing vertical and horizontal lines in order to structure content. It’s one of the best solution to build layout and content concepts in print design. Its easy to use methods with CSS and HTML clear consistent layout. In general, grids in web design field arrange structure of content which helps to make easy scan and reduce the conscious mental processes load on users. Boot-strap uses the main settings of CSS and also basic HTML elements. It obtains a great amount of reusable components which are created to produce navigation, alerts and so on. Related with plugins, Bootstrap contains a lot of JQuery custom plugins. In order to customize its components just needed LESS variables and JQuery plugins. It isn’t necessary to set up our own environment to start working with Bootstrap. It has its own online environment where we are free to execute and test tasks. It really needs to mention that using Bootstrap we are designing beautiful web application where we don’t have to write many CSS codes. [2] [3] [4]

2.6

Spring Boot Framework

CHAPTER 2. SOLUTION ₂₄

Figure 2.10: Surface field for users to extract value from the rest of Spring.

https:

//spring.io/blog/2013/08/06/spring-boot-simplifying-spring-for-everyone

that can be started using java jar or more traditional Web Application Archive (WAR) deployments. Figure 2.10 shows Spring Boot as a point of focus on the larger Spring system. Spring Boot Framework mainly serves the following:

• Develop an effectively faster and widely accessible ”getting started” experience for all Spring development.

CHAPTER 2. SOLUTION ₂₅

• Make available a range of non functional features that are common to large classes of projects

• No code generation and no must have to requirement for XML configuration. Spring Boot accomplish tasks with a small command line application that can be used to run Spring scripts which are written in Groovy. It’s familiar Java syntax, without so huge code. Its’n necessary to use the command line tool or write Groovy code to get the benefits of Spring Boot. In the advantages list of this technology comes the first class Java support. It also includes convenient features which are needed in the process of pushing an application into production. It is also possible to provide web endpoints automatically that can be used to monitor application state, develop basic metrics or use to analyze production issues. By default, Spring Boot 1.4.0.BUILD-SNAPSHOT needs Java 7 sup-port. Explicit build support is developed for Maven (3.2+) and Gradle (1.12+). List of embedded servlet containers which are supported out of the box: Spring Boot is familiar

Table 2.1: Table of Servlet Containers Servlets with Java version

Name Servlet Version Java Version

Tomcat 8 3.1 Java 7+

Tomcat 7 3.0 Java 6+

Jetty 9 3.1 Java 7+

Jetty 8 3.0 Java 6+

Undertow 1.1 3.1 Java 7+

CHAPTER 2. SOLUTION ₂₆

Spring Boot there are other technologies that are supported and were used for teaching duties application: NPM, RequireJS, Bower, Grunt, Mybatis.

2.6.1

NPM

This technology in teaching duties project has been used as a package manager for JavaScript which aims to find, share or reuse packages of code from thousands of de-velopers and bound them in powerful new ways. So NPM makes easy for javascript programmers to share the code that was created to solve particular problem and reuse them around other applications. When there is dependency to this shared code there is also possible to check about updates and download them which approves its high level usability. It’s one of best reusable package module. NPM provides huge database of reg-isters that are packages shared by the people. When there is desire to share some own code, NPM client enables to publish code up to the register and when there is an entry point trough register, other people can use also their NPM client to install packages from the register. The entry in register for this package is also reflected to the website. As a result NPM is one of the best opportunity to use codes from others, share your code with others also and make easy management of their different versions. [5] Eventually NPM can be represented as:

• Package manager for Node.js

• Public collection of packages of open-source code for front-end web, mobile, server-side applications.

• Helpful for millions of developers around the world to share/reuse JavaScript code.

2.6.2

RequireJS

CHAPTER 2. SOLUTION ₂₇

the speed and quality of the code. RequireJS does a different approach to script loading than traditional script tags. While it can also run fast and optimize well, the main goal goes on encouragement of modular code. As part of that, it encourages to use module IDs instead of URLs for script tags. It loads all the codes related to a base URL which is set to the same directory as the script used in a data-main attribute for the top level script to load for a page. The require.js file will check this value to start script loading. Base URL also can be set manually trough the RequireJS config. It also assumes by default that all dependencies are scripts, which means that it does not expect to see a trailing ”.js” suffix on module IDs. RequireJS will automatically add it in the process of translating the module ID to a path. With the paths config it is possible to set up locations of a group of scripts. All of these capabilities allows to use smaller strings for scripts as compared to traditional script tags. [6]

2.6.3

Bower

CHAPTER 2. SOLUTION ₂₈

2.6.4

Grunt

Grunt represents Javascript task runner which serves automation of the processes. The less work is required in process of performing repetitive tasks like minification, compila-tion, unit testing, linting. In order to achieve all these results we used this system in our project. It really made job easier for us. After finishing its configuration part through a Gruntfile, a task runner can do most of work with none of an effort from our side. The Grunt environment is increasing and growing every day. With literally hundreds of plugins to choose from, we can use Grunt to automate just about anything with a less of effort. Grunt and its plugins are installed trough NPM. It requires stable Node.js file which is considered unstable development version. Before setting up Grunt ensure that your NPM is up-to-date by running: npm update -g npm command. [8]

2.6.5

Maven

In general Maven can appear to be many things, but in a nutshell for the new developed application Maven performs a struggle to apply patterns to a project’s build infrastructure to encourage comprehension and productivity by providing a well defined path in the use of best practices. Maven develops a project management and completely understandable tool. It helps to manage the following: Builds, Documentation, Reporting, Dependencies, Releases Distribution. Maven has the ability to provide benefits for our build process by employing standard practices to hasten our development cycle while at the same time giving us hand to achieve a higher rate of success. Maven configuration happens at three levels:

• Project - Most static configuration occurs in pom.xml

• Installation - This is the configuration which added once for a Maven installation.

• User - It’s the specific configuration to a particular user.

CHAPTER 2. SOLUTION ₂₉

parent pom.xml. We can specify our user configuration in user.home/.m2/settings.xml. It is possible also to do a full reference to the configuration file. [9]

2.6.6

Mybatis

Chapter 3

Implementation

3.1

Creating Tables and Relationship Between them

Our deal with Oracle database started in the process of creating tables. There are three ta-bles which are new in already existing list: COORDINATOR, CUNIT DEPARTMENTS, CUNIT TEACHERS. First table gives us all the user who is able to work with the ap-plication. Second is used to save records about assignments of curricular units to the teachers and third table was created to push all the curricular units which are assigned to the departments. Properly performed adding or removing operations make influence on the last two tables. As for relationship, each department has an only one responsible coordinator, so it tells about one to one relationship between Coordinator and Depart-ment tables. CUNIT TEACHERS table was created because of many to many relation between curricular units and teachers tables. CUNIT DEPARTMENTS is also the result of many to many connection between curricular units and departments tables. We are as-signing different curricular units to the variety of teachers or departments that is why we have these many to many relations. Flexibility of using data from database is achieved by Mybatis integration with Spring Boot Framework. All the queries are written in an appro-priate xmls. In GeneratorConfig.xml file we just made connection with Oracle database, specified tables and got easy interaction with the data. Each queries from database were

CHAPTER 3. IMPLEMENTATION ₃₁

bounded in mapper.xml files properly constructed in Spring Boot Framework.

3.2

User Interface Configuration with AngularJS and

Bootstrap

For Assignments and Curricular Units user interface modules we have gotten three main parts such as Controller, Model and View implemented with AngularJS and Bootsrtap components. These three parts are defined for both of modules: Assignments and Curricu-lar Units. All the fields on Assignments module are represented by bootstrap comboboxes. The records are described as a table. We are handling each input event using a controller which interacts with the module and changes the view as users require it from the be-ginning. For the assignment module we implemented two controllers: AssignmentsCtrl.js and PrintCtrl.js. In the first controller we are catching all the input data by the watching statements such as ”school” or ”department”. Scope for getting assignments according teacher code value uses this path: /academic/assignment/:teacherCode and returns all the appropriate records using curricularUnits scope. The second Print controller is used to display curricular units assigned to the teacher and print them. On the view side there are appropriate htmls for the controller. With bootstrap comboboxes we used div and label classes. Information about the assignments is expressed using a table. For the Print.tpl.html file we have used table layout of the contents. The final module part identifies module called Assignments with name, url, controller, templateUrl and data parameters. The same approach is done for the second implemented module named as a Curricular Units.

3.2.1

Graphical User Interface of Assignments Module

CHAPTER 3. IMPLEMENTATION ₃₂

Figure 3.1: Reading data.

Figure 3.2: Add functionality.

used for the second Curricular Units module with the appropriate Rule and Permissions. Detail interpretation of Assignments module includes the following:

CHAPTER 3. IMPLEMENTATION ₃₃

Figure 3.3: New record.

Figure 3.4: Adding same curricular unit from different school.

CHAPTER 3. IMPLEMENTATION ₃₄

Figure 3.6: Delete operation.

3.3

Rest Implementation with Spring Boot

Frame-work

CHAPTER 3. IMPLEMENTATION ₃₅

CHAPTER 3. IMPLEMENTATION ₃₆

3.4

Authentication and Authorization with Apache

Shiro Framework

In the process of authentication and authorization with Apache Shiro technology, Subject for the application is human User. In authentication controller class as we get it then we collect Subject’s principals and credentials using UsernamePasswordToken Class, where is represented POJOs and function overloading. UsernamePasswordToken implements HostAuthenticationToken and RememberMeAuthenticationToken classes. Both of them extend AuthenticationToken class, that gives information about principals and creden-tials. RememberMeAuthenticationToken class does the job for the application in order to remember users when they return. The next step in the Authentication process is to submit the token to an authentication system, that is supported by security-specific DAOs, which are idea of Realms. If the login() method call is successful, it means that the user is logged in with an associated user account. In other cases works exception han-dling process. The logout part is done using subject.logout(); which will close the user session. To implement part of Authorization we have created interface Permissions, where are listed all the permissions. Every interaction with the server are secure via permission checking. In user interface modules which are developed to assign curricular units to the departments and teachers we have different Roles for each modules. Every Role has an access to proper Module. According Roles users have an access of Permissions. From the database view there are several tables for authorization process, for instance such as Roles.

Table 3.1: Piece of Roles table. Roles description

RoleId Description

coordinator Department Coordinator

CHAPTER 3. IMPLEMENTATION ₃₇

Chapter 4

Discussion

From the beginning we were supposed to achieve desirable assignments of curricular units for the teachers and departments. Despite of many difficulties we have gotten defined goal. In front of us was problem how to manage different assignments of curricular units for the various teachers and departments. Functionality which we have implemented was needed to match our design. We tried to avoid additional windows on the web pages in order to do work simply. First Customer just need to perform authentication and authorization process. According the rules user will be able to see the appropriate modules and with properly defined permissions will accomplish actions in the application. On the user interface customer just needs to make a selection from the comboboxes and click on one button to assign the selected assignment. For removing and printing assignments there is also only print and remove buttons. As it seems design is pretty customized. Permitted users for the application need little effort instead of manual work related with papers. This new project exploited an existing problem and appeared as a foundation for future improvements which can be other tasks with their solutions related to the GAL system. As an advantage for implemented work could be that it’s the first project which is integrated to the system existing in IPB. We have used same technologies, programming languages and all other instruments to make the sense of usability. Each used technologies gave chance to build stand alone projects with high level security and integration to other systems.

Bibliography

[1] http://www.tutorialspoint.com/soap/. [2] https://angularjs.org/.

[3] https://en.wikipedia.org/wiki/AngularJS. [4] http://getbootstrap.com/.

[5] https://www.npmjs.com/. [6] http://requirejs.org/. [7] https://bower.io/. [8] http://gruntjs.com/.

[9] https://maven.apache.org/.

[10] http://www.mybatis.org/mybatis-3/.

[11] Todd Fredrich. Restful service best practices. Technical report, May 29, 2012. [12] Nathan A. Good. Introducing apache shiro. September 14, 2010.

[13] Les Hazlewood. Application security with apache shiro. March 14, 2011. [14] Christopher Lynch. Apache shiro - executive summary.

[15] John Mueller. Understanding soap and rest basics and differences. January 8, 2013.

BIBLIOGRAPHY ₄₀

[16] 10g Release 2 (10.2) Oracle Database Online Documentation. Introduction to the oracle database.

[17] Cesare Pautasso. Ws-* vs. restful services.

Appendix A

IntelliJ IDEA and WebStorm

JetBrains IntelliJ IDEA is a cross-platform technology which works on Windows, OS X and Linux that brings the whole range of precise developers tools, all collected together to create the convenient development environment. In order to support the Spring Frame-work, IntelliJ IDEA develops a set of plugins and a devoted facet type. All Spring plugins are bundled with the IDE and are enabled by default as well. The Spring facet is com-monly used in combination with Hibernate. The Spring Boot support in IntelliJ IDEA contains:

• Integration of Spring Initialization which lets to create a custom Spring Boot starter project using a pre-configured project template directly from the New Project wiz-ard.

• Advanced coding assistance for editing our application configuration which contains code completion, error highlighting, navigation and quick fixes.

• A dedicated Run/Debug configuration that allows to quickly override the Spring Boot settings.

The smartest JavaScript IDE WebStorm represents lightweight yet powerful IDE, effi-ciently appointed for complex client-side development and server-side development with Node.js. WebStorm helps to write code better via smart code completion, on-the-fly error

APPENDIX A. INTELLIJ IDEA AND WEBSTORM ₄₂

Appendix B

Pieces of code implemented in the

project

// b u n d l i n g t h e username and password with Apache S h i r o

p u b l i c UsernamePasswordToken ( S t r i n g username , c h a r [ ] password ) // S e t t i n g remembered p r i n c i p a l s

p u b l i c b o o l e a n isRememberMe ( ) // G e t t i n g c u r r e n t l y e x i s t i n g u s e r

S u b j e c t s u b j e c t = S e c u r i t y U t i l s . g e t S u b j e c t ( ) ;

// A u t h e n t i c a t i n g c u r r e n t l y i n t e r a c t i n g s u b j e c t s with t h e system s u b j e c t . l o g i n ( c r e d e n t i a l s ) ;

// Removing c u r r i c u l a r u n i t s a c c o r d i n g departments S t r i n g DEPARTMENT CURRICULAR UNIT DELETE =

” department : c u r r i c u l a r u n i t : remove ” ;

// c h e c k s ACADEMIC SCHOOL READ p e r m i s s i o n f o r t h e s u b j e c t

@RequestMapping ( method = RequestMethod .GET, v a l u e = ”/ s c h o o l ” ) @ R e q u i r e s P e r m i s s i o n s

APPENDIX B. PIECES OF CODE IMPLEMENTED IN THE PROJECT ₄₄

p u b l i c L i s t<School> g e t S c h o o l s ( ) { r e t u r n schoolMapper . g e t S c h o o l s ( ) ;

}

//getting teachers for the curricular units, rest implementation

@RequestMapping ( method = RequestMethod .GET, v a l u e = ”/ a s s i g n m e n t /{teacherCode}”)

@ R e q u i r e s P e r m i s s i o n s ( P e r m i s s i o n s .ACADEMIC ASSIGNMENT TEACHER READ) p u b l i c L i s t<C u r r i c u l a r U n i t I n f o>

g e t C u r r i c u l a r U n i t T e a c h e r s ( @PathVariable ( ” teacherCode ” ) I n t e g e r teacherCode ) {

r e t u r n cunitTeacherMapper . g e t T e a c h e r s F o r C u r r i c u l a r U n i t ( teacherCode ) ;

}

//getting assignments for the teacher using controller $ s c o p e . getAssignment = f u n c t i o n ( ) {

a p i . g e t ( ’ / academic / a s s i g n m e n t / : teacherCode ’ , {

teacherCode : $ s c o p e . t e a c h e r . code

}) . then ( f u n c t i o n ( c u r r i c u l a r U n i t s ) {

$ s c o p e . c u r r i c u l a r U n i t s = c u r r i c u l a r U n i t s ;

}) ;

};

// query for getting curricular units for the teacher <s e l e c t i d=”g e t T e a c h e r s F o r C u r r i c u l a r U n i t ”

r e s u l t T y p e=”pt . i p b . s e r v i c o d o c e n t e . model . C u r r i c u l a r U n i t I n f o ”> SELECT

s c . code ” s c h o o l . code ” , s c . name ” s c h o o l . name ” ,

APPENDIX B. PIECES OF CODE IMPLEMENTED IN THE PROJECT ₄₅

u . s c h o o l c o d e ” c u r r i c u l a r U n i t . schoolCode ” , u . programme code ” c u r r i c u l a r U n i t . programmeCode ” , u . s t u d y p l a n c o d e ” c u r r i c u l a r U n i t . studyPlanCode ” , u . code ” c u r r i c u l a r U n i t . code ” ,

u . name ” c u r r i c u l a r U n i t . name ” ,

o . s c h o o l c o d e ” o p t i o n a l i t y . schoolCode ” , o . programme code ” o p t i o n a l i t y . programmeCode ” , o . s t u d y p l a n c o d e ” o p t i o n a l i t y . studyPlanCode ” ,

o . c u r r i c u l a r u n i t c o d e ” o p t i o n a l i t y . c u r r i c u l a r U n i t C o d e ” , o . code ” o p t i o n a l i t y . code ” ,

o . name ” o p t i o n a l i t y . name ” ,

p . s c h o o l c o d e ”programm . schoolCode ” , p . code ”programm . code ” ,

p . name ”programm . name ” ,

s . s c h o o l c o d e ” studyPlan . schoolCode ” , s . programme code ” studyPlan . programme code ” , s . code ” studyPlan . code ” ,

s . branch ” studyPlan . branch ”

FROM c u n i t t e a c h e r s a −− a s s i g n m e n t JOIN s c h o o l s c

ON s c . code = a . s c h o o l c o d e

APPENDIX B. PIECES OF CODE IMPLEMENTED IN THE PROJECT ₄₆

ON a . s c h o o l c o d e = u . s c h o o l c o d e

AND a . programme code = u . programme code AND a . s t u d y p l a n c o d e = u . s t u d y p l a n c o d e AND a . code = u . code

LEFT JOIN o p t i o n a l i t y o

ON a . s c h o o l c o d e = o . s c h o o l c o d e

AND a . programme code = o . programme code AND a . s t u d y p l a n c o d e = o . s t u d y p l a n c o d e AND a . code = o . c u r r i c u l a r u n i t c o d e

AND NVL( a . o p t i o n c o d e , 0 ) = NVL( o . code , 0 )

JOIN s t u d y p l a n s

ON a . s c h o o l c o d e = s . s c h o o l c o d e

AND a . programme code = s . programme code AND a . s t u d y p l a n c o d e = s . code

JOIN programm p

ON a . s c h o o l c o d e = p . s c h o o l c o d e AND a . programme code = p . code

WHERE a . t e a c h e r c o d e = #{teacherCode}